[Git][security-tracker-team/security-tracker][master] NFUs

Moritz Muehlenhoff jmm at debian.org
Mon Jan 25 17:36:13 GMT 2021



Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a37efd55 by Moritz Muehlenhoff at 2021-01-25T18:35:22+01:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,7 +8,7 @@ CVE-2021-3286 (SQL injection exists in Spotweb 1.4.9 because the notAllowedComma
 	- spotweb <not-affected> (Incomplete fix for CVE-2020-35545 not applied)
 	NOTE: https://github.com/spotweb/spotweb/issues/653
 CVE-2021-3285 (jxbrowser in TI Code Composer Studio IDE 8.x through 10.x before 10.1. ...)
-	TODO: check
+	NOT-FOR-US: TI Code Composer Studio IDE
 CVE-2021-3284
 	RESERVED
 CVE-2021-3283
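Review bot: On the CVE-2021-3285 entry, the description names jxbrowser as the affected component inside TI Code Composer Studio IDE, but the new note records only the IDE. Consider wording it so a later search for the component also finds this decision, for example "NOT-FOR-US: jxbrowser in TI Code Composer Studio IDE".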
@@ -252,21 +252,21 @@ CVE-2021-25910
 CVE-2021-25909
 	RESERVED
 CVE-2021-25908 (An issue was discovered in the fil-ocl crate through 2021-01-04 for Ru ...)
-	TODO: check
+	NOT-FOR-US: Rust crate fil-ocl
 CVE-2021-25907 (An issue was discovered in the containers crate before 0.9.11 for Rust ...)
-	TODO: check
+	NOT-FOR-US: Rust crate containers
 CVE-2021-25906 (An issue was discovered in the basic_dsp_matrix crate before 0.9.2 for ...)
-	TODO: check
+	NOT-FOR-US: Rust crate basic_dsp_matrix
 CVE-2021-25905 (An issue was discovered in the bra crate before 0.1.1 for Rust. It lac ...)
-	TODO: check
+	NOT-FOR-US: Rust crate bra
 CVE-2021-25904 (An issue was discovered in the av-data crate before 0.3.0 for Rust. A  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate av-data
 CVE-2021-25903 (An issue was discovered in the cache crate through 2021-01-01 for Rust ...)
-	TODO: check
+	NOT-FOR-US: Rust crate cache
 CVE-2021-25902 (An issue was discovered in the glsl-layout crate before 0.4.0 for Rust ...)
-	TODO: check
+	NOT-FOR-US: Rust crate glsl-layout
 CVE-2021-25901 (An issue was discovered in the lazy-init crate through 2021-01-17 for  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate lazy-init
 CVE-2020-36230
 	- openldap 2.4.57+dfsg-1
 	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9423
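Review bot: Several crate names marked in this block (containers, cache, bra) are short, generic words, and the one-line notes are the only record of the triage decision. Rust crates are packaged in Debian as rust-<name> source packages, so each name is worth confirming against the archive and open ITP bugs before the entry leaves "TODO: check"; nothing in the hunk or the commit message "NFUs" shows which lookup was done.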
@@ -325,43 +325,43 @@ CVE-2020-36221
 	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9424
 	NOTE: https://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842 (OPENLDAP_REL_ENG_2_4_57)
 CVE-2020-36220 (An issue was discovered in the va-ts crate before 0.0.4 for Rust. Beca ...)
-	TODO: check
+	NOT-FOR-US: Rust crate va-ts
 CVE-2020-36219 (An issue was discovered in the atomic-option crate through 2020-10-31  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate atomic-option
 CVE-2020-36218 (An issue was discovered in the buttplug crate before 1.0.4 for Rust. B ...)
-	TODO: check
+	NOT-FOR-US: Rust crate buttplug
 CVE-2020-36217 (An issue was discovered in the may_queue crate through 2020-11-10 for  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate may_queue
 CVE-2020-36216 (An issue was discovered in Input<R> in the eventio crate before  ...)
-	TODO: check
+	NOT-FOR-US: Rust crate eventio
 CVE-2020-36215 (An issue was discovered in the hashconsing crate before 1.1.0 for Rust ...)
-	TODO: check
+	NOT-FOR-US: Rust crate hashconsing
 CVE-2020-36214 (An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust ...)
-	TODO: check
+	NOT-FOR-US: Rust crate multiqueue2
 CVE-2020-36213 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate abi_stable
 CVE-2020-36212 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
-	TODO: check
+	NOT-FOR-US: Rust crate abi_stable
 CVE-2020-36211 (An issue was discovered in the gfwx crate before 0.3.0 for Rust. Becau ...)
-	TODO: check
+	NOT-FOR-US: Rust crate gfwx
 CVE-2020-36210 (An issue was discovered in the autorand crate before 0.2.3 for Rust. B ...)
-	TODO: check
+	NOT-FOR-US: Rust crate autorand
 CVE-2020-36209 (An issue was discovered in the late-static crate before 0.4.0 for Rust ...)
-	TODO: check
+	NOT-FOR-US: Rust crate late-static
 CVE-2020-36208 (An issue was discovered in the conquer-once crate before 0.3.2 for Rus ...)
-	TODO: check
+	NOT-FOR-US: Rust crate conquer-once
 CVE-2020-36207 (An issue was discovered in the aovec crate through 2020-12-10 for Rust ...)
-	TODO: check
+	NOT-FOR-US: Rust crate aovec
 CVE-2020-36206 (An issue was discovered in the rusb crate before 0.7.0 for Rust. Becau ...)
-	TODO: check
+	NOT-FOR-US: Rust crate rusb
 CVE-2020-36205 (An issue was discovered in the xcb crate through 2020-12-10 for Rust.  ...)
 	TODO: check
 CVE-2020-36204 (An issue was discovered in the im crate through 2020-11-09 for Rust. B ...)
 	TODO: check
 CVE-2020-36203 (An issue was discovered in the reffers crate through 2020-12-01 for Ru ...)
-	TODO: check
+	NOT-FOR-US: Rust crate reffers
 CVE-2020-36202 (An issue was discovered in the async-h1 crate before 2.3.0 for Rust. R ...)
-	TODO: check
+	NOT-FOR-US: Rust crate async-h1
 CVE-2021-3280
 	RESERVED
 CVE-2021-3279
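Review bot: CVE-2020-36205 (xcb) and CVE-2020-36204 (im) remain at "TODO: check" in the middle of a run of crates that are otherwise all marked NOT-FOR-US, and the commit message does not say why they were skipped. If they are held back pending a package check, a short NOTE on those two entries or a sentence in the commit message would keep the next triager from repeating the work.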
@@ -1072,7 +1072,7 @@ CVE-2021-3188 (phpList 3.6.0 allows CSV injection, related to the email paramete
 CVE-2021-3187
 	RESERVED
 CVE-2021-3186 (A Stored Cross-site scripting (XSS) vulnerability in /main.html Wifi S ...)
-	TODO: check
+	NOT-FOR-US: Tenda AC5
 CVE-2021-25645
 	RESERVED
 CVE-2021-25644
@@ -28213,7 +28213,7 @@ CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly system
 CVE-2020-26279
 	RESERVED
 CVE-2020-26278 (Weave Net is open source software which creates a virtual network that ...)
-	TODO: check
+	NOT-FOR-US: Weave Net
 CVE-2020-26277 (DBdeployer is a tool that deploys MySQL database servers easily. In DB ...)
 	NOT-FOR-US: DBdeployer
 CVE-2020-26276 (Fleet is an open source osquery manager. In Fleet before version 3.5.1 ...)
@@ -34487,7 +34487,7 @@ CVE-2020-23524
 CVE-2020-23523
 	RESERVED
 CVE-2020-23522 (Pixelimity 1.0 has cross-site request forgery via the admin/setting.ph ...)
-	TODO: check
+	NOT-FOR-US: Pixelimity
 CVE-2020-23521
 	RESERVED
 CVE-2020-23520 (imcat 5.2 allows an authenticated file upload and consequently remote  ...)
@@ -39636,9 +39636,9 @@ CVE-2020-20952
 CVE-2020-20951
 	RESERVED
 CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...)
-	TODO: check
+	NOT-FOR-US: Microchip Libraries for Applications
 CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...)
-	TODO: check
+	NOT-FOR-US: STM32 cryptographic firmware library
 CVE-2020-20948
 	RESERVED
 CVE-2020-20947
@@ -41006,7 +41006,7 @@ CVE-2020-20271
 CVE-2020-20270
 	RESERVED
 CVE-2020-20269 (A specially crafted Markdown document could cause the execution of mal ...)
-	TODO: check
+	NOT-FOR-US: Caret Editor
 CVE-2020-20268
 	RESERVED
 CVE-2020-20267



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a37efd553771b402ce8bc38123bba86b5db95cc5
